package net.hserver.oauth.config;


import cn.dev33.satoken.oauth2.data.model.oidc.IdTokenModel;
import cn.dev33.satoken.oauth2.scope.handler.OidcScopeHandler;
import cn.hserver.core.ioc.annotation.Bean;
import cn.hutool.crypto.asymmetric.RSA;
import cn.hutool.jwt.JWT;
import cn.hutool.jwt.JWTPayload;
import cn.hutool.jwt.signers.JWTSigner;
import cn.hutool.jwt.signers.JWTSignerUtil;

import java.util.Map;

@Bean
public class CustomOidcScopeHandler extends OidcScopeHandler {

    @Override
    public IdTokenModel workExtraData(IdTokenModel idToken) {
        Object userId = idToken.sub;
        System.out.println("----- 为 idToken 追加扩展字段 ----- ");

        idToken.extraData.put("uid", userId); // 用户id
        idToken.extraData.put("nickname", "lin_xiao_lin"); // 昵称
        idToken.extraData.put("picture", "https://sa-token.cc/logo.png"); // 头像
        idToken.extraData.put("email", "456456@xx.com"); // 邮箱
        idToken.extraData.put("phone_number", "13144556677"); // 手机号
        // 更多字段 ...
        // 可参考：https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
        return idToken;
    }

    @Override
    public String generateJwtIdToken(IdTokenModel idToken) {

        //这里可以调用父类的token生成方式，但是比如minio的登录要求RS256的方式，同时害得有keyId 这里的OIDC登录就是minio方式的验证

        Map<String, Object> dataMap = convertIdTokenToMap(idToken);
        JWT jwt = JWT.create().addPayloads(dataMap);
        JWTPayload payload = jwt.getPayload();
        payload.setPayload("policy","readwrite");
        jwt.getHeader().setKeyId("123");
        String res = ("MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQdZiJzhCnR5ok\n" +
                "tXPvWb3qEI85z54jomxdPBPWD+zAAubyoZZZ+DJPAT46EExGMOXDXJs7BUWXVVIb\n" +
                "fs/FwDwh9S5mACEdJRCwkGCcph4H22DsRUw65MTZcymr9Hg+2EYVrmJD4Ex76tMg\n" +
                "8neT55uf2W1PplnFHU8253sCuv9UuewrJpZugVeUCHzj0zh226R5tCj1Ts8gGNtV\n" +
                "zpczd5Mr3vX7//1DwE/ZLJ/y1lwUoikF/YcBJpslvH2NYurFHAtp5wCIurawCAVJ\n" +
                "MpvkFUm1LukBBSalt/TxffIH1+gaEgq8Qv8wbyAeAQfjU52/vkrMAOuRlUTSFmcA\n" +
                "uE5oL0sjAgMBAAECggEBAKt13kaS0M3Wrim9eiOIDBaHEld5ttgWk81ISgSLSq9Q\n" +
                "c8dkM3fDFxY2rokxuJsPQx0igafVGT11dziYYKuGB6/irAxH1PTU9NpVlrGiTRcn\n" +
                "UZxlD2NtoaA+AiumxHTkjRjuO3Ma/a37Izd5V/O20CF1xFx8NmBUUECXu20uhC+Z\n" +
                "1M8BLlDrrlqwnn+WSfzl3WTFOvNxofeO14LiOWvNSSL+eKkuvJGlPTgdfqMqOKHt\n" +
                "guqyyZow2BomrKXt7pXTjGRZ3kaJsBq1269CHzjsWj0ClD/OnBDPHxXnELpZASW5\n" +
                "CcfnxCJgR8wVxQ3elxq5GB3iXJrRzQMUDaP180LAVckCgYEA9HGji6mXK7b3hKTV\n" +
                "eVhxhh3+f0nlP2LZqyXHPeVfctyLsMIlfBKncetAQCyuWYc0mbu9EB0h9VxgS33F\n" +
                "VbN+4QBAbhZDoZnD6/Gk4zoL4AMDWqA7nm7D1dkeXpwR6yKV+UUFryEdDhyAs8FH\n" +
                "KrIE12736kTUyKH3dJvmwO1TOl0CgYEA2lB1Cks25ETnx6g2kk4yJPTbAZiL0csj\n" +
                "ix13OzlihC6Yq6udwWIs2gw1rXYcZ3XlQH33U7DEv0P2vw8MM1absAsRArROioGo\n" +
                "UTlcGbsS5CxmAvUAn0il2O1dZJ3fdIgA5K6cghdEwzY99tCi9m+UHmb2mGL9b5DB\n" +
                "UxNqkA4rQ38CgYAcoWLCbO6j1B5Rjuzh9ZX2W3T/e6w6LF3KSfZ4LXFshqBl55d0\n" +
                "XMr38NHpslIJcmiayP5v8LmVf2hX7zc5vnhR6jGhs0Hgn53u+LKTWq0hY7j02Gej\n" +
                "Ot39Ih0If8cpfzeJpqfvxzUb/gKlCzJGsesXQIwRCFbT2QSex9PTLPjekQKBgDZi\n" +
                "cKWd0xDOcYb1SpLr0+YM8TnWjI44sqQHNRqV0wrmqLWrTONN16qB/CU4FR9Y6UFF\n" +
                "oAVDNeAHyEIUN4/adXJHb3di/2XVot6JEX5/cddRkCAQdJU5fccqameURIQ9FSvi\n" +
                "q65kqYaPzqPbmZ0WcqmYMLoJfuT6BI7zeUplnTV1AoGBAKCXlmR50KfEdx+ZuBpJ\n" +
                "YJHhVm9OAjPItu5a/rxw29vWe0AK8mlJIsY5BzHlZQyCXEHHxEWgFFU+PmKEc+nR\n" +
                "E2ibfzbli9aUDrAa0YOAk3DG7lRETtaD/8tFCFFS2ZvyVnWIJsjd/Ka4y3NypkNF\n" +
                "odeEo3Z0jkqU69GCmHbPKkJS").replace("\n","");
        RSA rsa = new RSA(res,null);
        JWTSigner jwtSigner = JWTSignerUtil.rs256(rsa.getPrivateKey());
        String sign = jwt.setSigner(jwtSigner).sign();
        System.out.println(sign);
        return sign;
    }
}